Wireshark

Wireshark is one of the world's foremost network protocol analyzers, and is the standard in many parts of the industry. It is the continuation of a project that started in 1998. Hundreds of developers around the world have contributed to it, and it it still under active development.

Wireshark has a rich feature set which includes the following:

• Standard three-pane packet browser
• Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
• Multi-interface: Along with a standard GUI, Wireshark includes TShark, a text-mode analyzer which is useful for remote capture, analysis, and scripting
• The most powerful display filters in the industry
• VoIP analysis
• Live capture and offline analysis are supported
• Read/write many different capture file formats: tcpdump (libpcap), NAI's Sniffer (compressed and uncompressed), Sniffer Pro, NetXray, Sun snoop and atmsnoop, Shomiti/Finisar Surveyor, AIX's iptrace, Microsoft's Network Monitor, Novell's LANalyzer, RADCOM's WAN/LAN Analyzer, HP-UX nettl, i4btrace from the ISDN4BSD project, Cisco Secure IDS iplog, the pppd log (pppdump-format), the AG Group's/WildPacket's EtherPeek/TokenPeek/AiroPeek, Visual Networks' Visual UpTime and many others
• Capture files compressed with gzip can be decompressed on the fly
• Hundreds of protocols are supported, with more being added all the time
• Coloring rules can be applied to the packet list, which eases analysis

Full release notes are available here

New:

• The Windows installers now ship with Qt 5.12.3. They previously shipped with Qt 5.12.1
• The Windows installers now ship with Npcap 0.995. They previously shipped with Npcap 0.992
• The macOS packages are now notarized

Bug Fixes:

The following vulnerabilities have been fixed:

• wnpa-sec-2019-19 Wireshark dissection engine crash

The following bugs have been fixed:

• Add (IETF) QUIC Dissector
• Wireshark Hangs on startup initializing external capture plugins
• [oss-fuzz] ERROR: Adding ospf.v3.prefix.options.nu would put more than 1000000 items in the tree - possible infinite loop
• Wireshark can call extcap with empty multicheck argument
• CMPv2 KUR message disection gives unexpected value for serialNumber under OldCertId fields
• "(Git Rev Unknown from unknown)" in version string for official tarball
• External extcap does not get all arguments sometimes
• Help file doesn’t display for extcap interfaces
• Buildbot crash output: randpkt-2019-03-14-4670.pcap
• Building only libraries on windows fails due to CLEAN_C_FILES empty
• Statistics→Conversations→TCP→Follow Stream - incorrect behavior
• Wrong NTP timestamp for RTCP XR RR packets (hf_rtcp_xr_timestamp field)
• ws_pipe: leaks pipe handles on errors
• Build issue in Wireshark - 3.0.1 on RHEL6
• ISAKMP: Segmentation fault with non-hex string for IKEv1 Decryption Table Initiator Cookie
• extcap: non-boolean call arguments can be appended without value on selector Reload
• Incorrectly interpreted format of MQTT PUBLISH payload data
• print.c: Memory leak in ek_check_protocolfilter
• IETF QUIC dissector incorrectly parses retry packet
• Bacnet(app): fix wrong value for id 183 (logging-device → logging-object)
• The SMB2 code to look up decryption keys by session ID assumes it’s running on a little-endian machine
• tshark -G folders leaves mmdbresolve process behind
• Dissector bug, protocol TLS - failed assertion "data"
• WSMP : header_opt_ind field is not correctly set